• Miaoqing Pan's avatar
    mac80211: fix txq null pointer dereference · 8ed31a26
    Miaoqing Pan authored
    If the interface type is P2P_DEVICE or NAN, read the file of
    '/sys/kernel/debug/ieee80211/phyx/netdev:wlanx/aqm' will get a
    NULL pointer dereference. As for those interface type, the
    pointer sdata->vif.txq is NULL.
    
    Unable to handle kernel NULL pointer dereference at virtual address 00000011
    CPU: 1 PID: 30936 Comm: cat Not tainted 4.14.104 #1
    task: ffffffc0337e4880 task.stack: ffffff800cd20000
    PC is at ieee80211_if_fmt_aqm+0x34/0xa0 [mac80211]
    LR is at ieee80211_if_fmt_aqm+0x34/0xa0 [mac80211]
    [...]
    Process cat (pid: 30936, stack limit = 0xffffff800cd20000)
    [...]
    [<ffffff8000b7cd00>] ieee80211_if_fmt_aqm+0x34/0xa0 [mac80211]
    [<ffffff8000b7c414>] ieee80211_if_read+0x60/0xbc [mac80211]
    [<ffffff8000b7ccc4>] ieee80211_if_read_aqm+0x28/0x30 [mac80211]
    [<ffffff80082eff94>] full_proxy_read+0x2c/0x48
    [<ffffff80081eef00>] __vfs_read+0x2c/0xd4
    [<ffffff80081ef084>] vfs_read+0x8c/0x108
    [<ffffff80081ef494>] SyS_read+0x40/0x7c
    Signed-off-by: default avatarMiaoqing Pan <miaoqing@codeaurora.org>
    Acked-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
    Link: https://lore.kernel.org/r/1569549796-8223-1-git-send-email-miaoqing@codeaurora.org
    [trim useless data from commit message]
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    8ed31a26
debugfs_netdev.c 24 KB